Introduction
MPLS (Multi-Protocol Label Switching) is a mature technology that has been widely adopted by most
service providers across the globe. It was initially deployed for fast switching, but its
scalability, resiliency and protocol-agnostic nature made it more successful across the network. MPLS not
only provides WAN connectivity but also acts as a platform on which service providers can offer different
kinds of services, which can in turn be monetized.
VPLS (Virtual Private LAN Service) is one of the services offered over MPLS; it extends a
broadcast domain from one site to multiple sites over the WAN. VPLS became more popular
with the rapid growth of data center interconnects. The main reasons for extending layer 2 domains
are workload mobility (migration of virtual machines from one data center to another), high-availability
clusters, and geographical redundancy.
Current Challenges with VPLS
1. Scaling to thousands of MAC addresses (a single VM requires a single MAC address): Virtualization
applications are fueling the need for MAC addresses in the network. A single server can
host hundreds of virtual machines, and every machine consumes one MAC address, which clearly
justifies the scaling requirement for MAC address tables.
2. Optimal forwarding of multicast: Multicast LSPs can be formed in conjunction with VPLS but are
limited to point-to-multipoint, which consumes more network resources, as VPLS defines no
set of parameters for creating multipoint-to-multipoint multicast LSPs.
3. Multihoming: VPLS supports the active/standby BGP multihoming model. Multihoming with all
attachment circuits active is not possible. As a result, the customer can utilize only 50% of the links
while paying for 100%.
4. C-MAC (Customer MAC) transparency: The current VPLS solution doesn't support transparency
of customer MAC addresses.
5. Fast convergence for C-MAC flushing: When virtual machines or physical servers fail, the
network re-converges, which may lead to MAC flushing problems.
Shivlu Jain www.mplsvpn.info
Proposed Solution
Ethernet Virtual Private Network (E-VPN) is the proposed solution to overcome the VPLS issues highlighted
above. E-VPN uses the existing MPLS/IP backbone to transport layer 2 connectivity among the various
data centers that are part of the same VPN. Being a layer 2 extension, the solution treats MAC addresses
as routable addresses and uses the existing MP-iBGP protocol to carry the customer MAC addresses. In
E-VPN, MAC learning at the edge routers doesn't occur in the data plane but in the control plane; as a
consequence, more control can be applied to the learning mechanism. The process is similar to the IP VPN
described in RFC 4364. The policy attributes specified in E-VPN are almost the same as in MPLS VPN. RD and
RT remain the same, but instead of a virtual routing and forwarding instance we now have an Ethernet VPN
Instance (EVI). The information about the Ethernet Tag of the EVI is advertised by the new BGP NLRI, which is E-VPN.
[Figure 1: Traffic Forwarding From Host (H2,M2) To Host (H1,M1). Diagram not reproduced: the source and destination data center clouds connect through MES1 and MES2 across an MPLS cloud with core routers P1, P2 and P3. Each hop is annotated with a Destination / EVPN / IGP Label table for destination MES2, with EVPN label 100, IGP labels 20, 21 and 22, and PHP at the last core hop.]
In EVPN, MAC learning is of two types:
1. Local MAC learning
2. Remote MAC learning
For local MAC learning, the MPLS Edge Switch (MES) must support learning local MAC addresses
through standard protocols. Once local learning is complete, the MES can advertise the
locally learned MAC addresses to remote MES nodes via MP-iBGP. Receiving the MAC
addresses of remotely attached customers via MP-iBGP is known as remote MAC learning.
Solution for MultiHoming and Avoiding Layer 2 Loops in EVPN
An Ethernet Segment ID (ESI) is used when a Customer Edge device is multihomed to different MPLS Edge
Switches, as shown in Figure 2. A new BGP MPLS label extended community is used for split
horizon procedures in multihoming scenarios. As depicted in Figure 2, host H1 has MAC address M1. It
sends a broadcast request to MES-1 and MES-2. MES-1 and MES-2 identify that the request is coming
from Ethernet Segment ID-1 (ESI-1), so before replicating the frames both MESs append a split horizon (SH)
label to them. The frames are then exchanged among the MESs. Every MES checks the SH
label, and if it finds that the same ESI-1 is directly attached, the traffic is silently dropped, because a frame
originated by a segment must not be received by the same segment. This technique helps to avoid
loops in multihoming scenarios.
[Figure 2: Diagram not reproduced. H1 (M1) in one data center cloud/enterprise is multihomed over ESI-1 to MES-1 and MES-2; H2 (M2) in the other data center cloud/enterprise attaches to MES-3 and MES-4; the MESs form an MP-iBGP full mesh. The figure annotates three steps, shown once for MES-1/MES-3 and once for MES-2/MES-4:
Step-1: H1,M1 sends a broadcast request with source MAC M1 and destination Broadcast.
Step-2: MES-1 (likewise MES-2) appends the split horizon (SH) label for multi-destination traffic and distributes it over MP-iBGP. MES-2, MES-3 and MES-4 use the SH label to perform split horizon filtering for frames destined to ESI-1.
Step-3: MES-3 (likewise MES-4) installs that route with next hop MES-1 and MES-2.]
Note: The split horizon label is only used for unknown unicast, multicast and broadcast traffic.
Role of Designated Forwarder
As per Figure 2, MES-3 and MES-4 will both receive the multi-destination frames via MP-iBGP for a particular
segment. How is it decided which MES has to forward the frames to the downstream segment? Only the
Designated Forwarder forwards frames to a particular segment, and the Designated Forwarder election
is performed by each PE advertising the ESI in a BGP route. All non-Designated Forwarder MESs
block their respective port for that segment, as shown in Figure 3.
[Figure 3: Designated Forwarder Election. Diagram not reproduced: same topology as Figure 2, with ESI-1 towards MES-1/MES-2 and ESI-2 towards MES-3/MES-4 over the MP-iBGP full mesh. MES-3 is elected as Designated Forwarder (highest IP address) for the ESI-2 segment. MES-4 is elected as non-Designated Forwarder for the ESI-2 segment, so the MES-4 port towards the ESI-2 segment remains in blocking state (marked X).]
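The split horizon check and the Designated Forwarder election described above can be traced together in a small model. This is an added example, not code from the original paper; the IP addresses are constructed, and the model only covers what remote MESs do with one multi-destination frame.

```python
import ipaddress

# Constructed topology mirroring Figures 2 and 3. The IP addresses are
# made-up documentation addresses, chosen so that MES-3 wins for ESI-2.
ATTACHED = {
    "MES-1": {"ESI-1"}, "MES-2": {"ESI-1"},
    "MES-3": {"ESI-2"}, "MES-4": {"ESI-2"},
}
MES_IP = {"MES-1": "192.0.2.1", "MES-2": "192.0.2.2",
          "MES-3": "192.0.2.30", "MES-4": "192.0.2.4"}


def designated_forwarder(esi):
    """Highest IP address among the MESs attached to the segment wins."""
    candidates = [m for m, segs in ATTACHED.items() if esi in segs]
    # Compare numerically: as strings, "192.0.2.4" sorts above "192.0.2.30".
    return max(candidates, key=lambda m: ipaddress.ip_address(MES_IP[m]))


def flood(ingress_mes, source_esi):
    """Decide, per remote MES and attached segment, what happens to one
    broadcast/unknown-unicast/multicast frame that entered at ingress_mes."""
    sh_label = source_esi  # the SH label identifies the originating segment
    decisions = {}
    for mes, segments in ATTACHED.items():
        if mes == ingress_mes:
            continue  # the ingress MES only replicates towards its peers here
        for esi in sorted(segments):
            if esi == sh_label:
                decisions[(mes, esi)] = "drop: split horizon"
            elif designated_forwarder(esi) != mes:
                decisions[(mes, esi)] = "drop: non-DF port blocked"
            else:
                decisions[(mes, esi)] = "forward"
    return decisions


if __name__ == "__main__":
    for (mes, esi), action in flood("MES-1", "ESI-1").items():
        print(f"{mes} -> {esi}: {action}")
```

Exactly one copy of the frame reaches the remote segment, and none is sent back to the segment it came from.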
Load Balancing
As per Figure 3, MES-3 and MES-4 receive the update for host H1 with MAC M1 from both MES-1 and MES-2,
with Ethernet segment ESI-1. So MES-3 and MES-4 install the two routes in the Forwarding
Information Base. Once traffic destined to M1 is received, both routers load-balance
while forwarding. The core forwards the traffic on the basis of the next-hop information for
M1, which is MES-1 and MES-2.
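Remote MAC learning and the resulting load balancing can be sketched as a control-plane table on MES-3. This is an added example, not code from the original paper; the route-target values, the advert dictionary layout and the CRC-based per-flow hash are assumptions made for illustration.

```python
import zlib


class MesMacTable:
    """MAC table of one MES, populated from BGP adverts, not from flooding."""

    def __init__(self, name, import_rts):
        self.name = name
        self.import_rts = set(import_rts)  # route targets this EVI imports
        self.routes = {}                   # MAC -> sorted list of next-hop MESs

    def receive(self, advert):
        """Install one MAC advertisement; return True if it was accepted."""
        if advert["rt"] not in self.import_rts:
            return False  # belongs to another VPN, never enters this table
        if advert["next_hop"] == self.name:
            return False  # our own advertisement reflected back
        hops = self.routes.setdefault(advert["mac"], [])
        if advert["next_hop"] not in hops:
            hops.append(advert["next_hop"])
            hops.sort()
        return True

    def withdraw(self, mac, next_hop):
        """Remove one next hop, e.g. after a link or MES failure."""
        hops = self.routes.get(mac, [])
        if next_hop in hops:
            hops.remove(next_hop)
        if not hops:
            self.routes.pop(mac, None)

    def next_hop(self, mac, flow_key):
        """Pick a next hop per flow; None means the MAC is unknown."""
        hops = self.routes.get(mac)
        if not hops:
            return None
        return hops[zlib.crc32(flow_key.encode()) % len(hops)]


# Constructed adverts: M1 behind ESI-1 is announced by both MES-1 and MES-2.
ADVERTS = [
    {"mac": "M1", "esi": "ESI-1", "rt": "65000:100", "next_hop": "MES-1"},
    {"mac": "M1", "esi": "ESI-1", "rt": "65000:100", "next_hop": "MES-2"},
    {"mac": "M9", "esi": "ESI-9", "rt": "65000:999", "next_hop": "MES-1"},
]


def build_mes3():
    table = MesMacTable("MES-3", import_rts=["65000:100"])
    accepted = [table.receive(a) for a in ADVERTS]
    return table, accepted
```

Because entries arrive as BGP routes, the route-target check decides what may enter the table at all, which is the extra control over learning that the control-plane approach provides.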
Scaling by using Provider Backbone Bridge (PBB)
EVPN scalability is achieved by using the existing technique of Provider Backbone Bridging (PBB).
Below are the advantages of using PBB in EVPN:
1. Subnetting of C-MAC addresses is not possible, but with PBB, B-MAC addresses can be
subnetted easily, which leads to MAC address scalability.
2. Moving VMs or local customer networks from one DC to another requires a lot of MAC
flushing. With B-MAC, that C-MAC flushing becomes transparent, which leads to fast
convergence.
3. Per-site policy support by using B-MAC
4. Device multihoming
5. Network multihoming
6. C-MAC addresses need to be distributed in BGP, but with PBB-EVPN the C-MAC advertisement
can be limited by assigning multiple C-MAC addresses to a single B-MAC address.
References
EVPN requirement
http://tools.ietf.org/html/draft-sajassi-raggarwa-l2vpn-evpn-req-00
BGP/MPLS IP VPN
http://tools.ietf.org/html/rfc4364
PBB-EVPN
http://tools.ietf.org/html/draft-ietf-l2vpn-pbb-evpn-03
VPLS
http://tools.ietf.org/html/rfc4762
EVPN
http://tools.ietf.org/html/draft-ietf-l2vpn-evpn-00